Web and mobile systems security

A.Y. 2017/2018
Overall hours
Learning objectives
The purpose of the course is twofold: on the one hand, it introduces the basic concepts of computer security; on the other hand, it covers the security problems specific to Web and mobile systems.
Expected learning outcomes
· Being able to identify the security properties a system must ensure in order to be considered "secure"
· Knowing the main approaches that can be used to authenticate users to a machine
· Being able to analyse a security protocol and highlight its vulnerabilities with respect to the most common types of attack
· Being able to identify and describe the most common attacks on Web applications
· Knowing the most frequent types of malware and how they propagate
· Being able to describe the security issues of mobile devices
Course syllabus and organization

Single session

Lesson period
Second semester
Course syllabus
1. Introduction to computer security. The problem of computer security: what to protect, and against whom or what.
2. The access control problem. Access control models and security policies: discretionary access control (DAC), mandatory access control (MAC), role-based access control (RBAC). User-to-machine authentication. Access control in Linux.
3. Secure communication over an insecure channel: security protocols and cryptographic primitives. Common attacks on security protocols.
4. Security of Web systems. Vulnerabilities of the HTTP protocol. SQL Injection and Cross-Site Scripting (XSS). Email security. Malware. Web application fingerprinting. The privacy problem.
5. Security of mobile systems. Common vulnerabilities, malware and attacks. Android security as a case study.
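As an added illustration of the SQL Injection topic listed in item 4 (example code written for this page, not course material), the following Python snippet builds an in-memory SQLite table of constructed sample users and contrasts a login check that concatenates user input into the query with one that uses parameterised queries. The table contents, the function names and the payload `alice' --` are assumptions made for the example.

```python
import sqlite3


def make_db():
    """Create an in-memory database with a constructed sample users table.

    Passwords are stored in clear only to keep the injection example short;
    a real system stores salted password hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user input is spliced into the SQL text.

    The payload username "alice' --" closes the string literal and comments
    out the rest of the WHERE clause, so the password is never checked.
    """
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Hardened: input is bound as a parameter, never parsed as SQL.

    The same payload is compared literally against the username column
    and does not match any row.
    """
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    payload = "alice' --"
    print("legitimate, vulnerable:", login_vulnerable(db, "alice", "s3cret"))
    print("injection, vulnerable: ", login_vulnerable(db, payload, "wrong"))
    print("injection, safe:       ", login_safe(db, payload, "wrong"))
```

Running the script shows the vulnerable check accepting the injected username with a wrong password, while the parameterised version rejects it; the difference is entirely in whether the database driver or the application decides where the SQL ends and the data begins.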
INF/01 - INFORMATICS - University credits: 6
Laboratories: 16 hours
Lessons: 40 hours
Professor: Braghin Chiara